kk CHN wrote:
People ;
I have 2 server boxes one in DMZ-1 and the other in DMZ-2 ,
DMZ-1 machine having internet connection,DMZ-2 not having Internet
connection, an application in weblogic appserver (thats in a LAN
machine which can communicate only with DMZ -2 machine) .
Note:
( In this LAN machine there is the HTTP Proxy (host name , proxy
port etc ..) directives for weblogic server to configure )..
How can I make the LAN machine to access Internet( InterNet --->
DMZ-1 ---> DMZ-2--->LAN machine with Weblogic) ?
where are all I have to use squid inorder to make the LAN
machine to access the internet ?
Two ways to do this:
1) route traffic from weblogic machine going to port 80, out via DMZ-2
then via DMZ-1. Open your firewalls just for that machine when it
connects out and the response coming back.
2) Install another Squid in DMZ-2, config the weblogic machines squid to
use it as parent for access.
AND install squid in DMZ-1, config the DMZ-2 squid to use it as
parent for access.
AND configure each squid down the chain to only allow the weblogic
machines requests out and replies back.
(1) is really the preferred method. Much simpler, thus easily secured,
and it does not involve setting up several copies of new possibly
breachable software just to get one machine web access.
Amos
--
Please use Squid 2.7.STABLE4 or 3.0.STABLE9
